NetBSD-Users archive


firewall by mac address, ignore in dhcpd?



I have a system with a wm(4) interface, and a vlan.  I have wifi where
one ssid goes on trunk and one goes on a specific other vlan tag,
configured as vlan0.  dhcpd serves one subnet to wm0 and another to
vlan0.

For reasons that are not clear, I am seeing packets from hosts that
should be on the vlan also appear on wm0, and I want dhcpd to ignore
those.   I think this may be a Unifi bug.

I dimly remember there was a facility to firewall by mac address, but I
can't find it now in ipfilter.  I don't see it in npf either.  But, that
might block it from the stack, not dhcpd which at least used to use bpf.

In dhcpd, I can ignore by mac address, globally.  And I can 'deny' in
the pool for wm0.  But I need these hosts to get addrs on vlan1.  If I
deny in wm0, then they get NAKs for "no address in pool" and I want them
to be ignored.

So:

  any way to firewall by mac addr?

  any way to have dhcpd ignore by mac on one subnet but not the other?


